Cross-Site Scripting (XSS) vulnerability in SAP Business Objects
Publish date
14 July 2020
Identifier
CVE-2020-6278
Manufacturer
SAP (sap.com)
Product
SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1 and 4.2
Authors
Benjamin Marr and Margus Lind
Description
SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets executed when the victim opens these files, leading to Stored Cross Site Scripting.
Mitigation
Update to the latest release of SAP Business Objects.